我正在使用spring security 3.1.4,我想将每个用户的会话数限制为1但是如果有人试图登录它将关闭旧会话并打开一个新会话(而不是不允许登录)我该怎么做?
编辑: 这是我添加到xmls的内容: 的web.xml
<listener>
<listener-class>
com.net.filter.session.SessionListener
</listener-class>
</listener>
SessionListener扩展了HttpSessionEventPublisher
的security.xml
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
<security:session-management>
<security:concurrency-control
max-sessions="1"/>
</security:session-management>
<security:form-login
authentication-success-handler-ref="playerAuthenticationSuccessHandler" />
<security:logout logout-url="/player/logout"
success-handler-ref="playerLogoutSuccessHandler" delete-cookies="JSESSIONID" />
</security:http>
<bean id="bCryptPasswordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<security:authentication-manager>
<security:authentication-provider
ref="authenticationProvider">
</security:authentication-provider>
</security:authentication-manager>
是playerAuthenticationSuccessHandler,authenticationProvider和playerLogoutSuccessHandler扩展了spring默认值。